
When the Antagonist Doesn’t Play by the Same Playbook

June 18, 2019

Many years ago, as a young soon-to-be National Security Council staffer, I was working on the transition between the Ford and Carter Administrations. We had decided to continue with the Ford set of interagency policy committees, but of course as a new administration, we’d have to change the names. The committee charged with reviewing covert actions programs had been called the “40 Committee,” apparently after the room in which it met. We newcomers were not yet bowed by the gravity of governing and so entertained some humor. Thus, one not-fully whimsical suggestion for the new name was the “If They Can Do It, So Can We” Committee!

By Gregory F. Treverton[1]

NOTE: The views expressed here are those of the author and do not necessarily represent or reflect the views of SMA, Inc.

Yet, “if they can do it, so can we” did not then seem right either on instrumental or ethical grounds. What I wrote thirty years ago seems apt today, when the Soviet Union is no more but when the playbook has changed: “What the Soviet Union or other countries do cannot settle the issue. We consider ourselves different from them and imagine that the difference is not only basic to what we are as a people, but also a source of American influence in the world, part of this country’s moral armor. Though our actions often belie our words, we do believe that nations should not interfere in the international affairs of their neighbors.”[2]

Challenges to Tradecraft

Yet the playbook has changed, perhaps gradually in the case of intelligence tradecraft, as suggested in Table 1, more dramatically and recently in the case of influence operations, as summarized in Table 2. Many of the changes in the tradecraft are by now familiar, driven by the change in target from primarily states to primarily non-state actors, especially terrorists.[3] Most targets before 9/11 were states, large and hierarchical. The objects of scrutiny were likewise large—missiles and tank armies—and they were “over there.” Moreover, those objects had a signature, one usually linked to doctrine. If imagery captured one T‑72 Soviet tank, its brethren would be nearby; that was doctrine. So, too, the intelligence world of the late twentieth century was one of too little information, much of which had to be collected by intelligence’s special sources.

The Changed Target. The familiar changes after 9/11 were dramatic, yet still perhaps under-appreciated. Terrorist targets were small, often single individuals, and their signatures might be no more than a fleeting change of SIM card. They were not “over there,” they were both abroad and at home. If the Soviet Union was going to do what it was going to do, more or less regardless of what the United States and NATO did, that was not the case for terrorists, who were constantly looking for seams and vulnerabilities. Their actions were tightly, not loosely, coupled with our own. They were the ultimate asymmetric threat. And while penetrating terrorist cells was still very useful, if extremely hard, data was becoming ubiquitous.

Table 1: Intelligence Tradecraft, Then and Now

| | Before 9/11 | Now and Future |
|---|---|---|
| Target | States, primarily the Soviet Union | States and transnational actors |
| Objects of scrutiny | Mostly big, rich and central, with signature | Many small, even single individuals, and peripheral, often without signature |
| “Story” about Target | Story: states are geographic, hierarchical, bureaucratic | Less story: non-states come in many sizes, shapes |
| Location of target | Mostly “over there,” abroad | Abroad and at home |
| Information | Too little: dominated by secret sources | Too much: broader range of sources, though secrets still matter |
| Interaction with Target | Relatively little: Soviet Union would do what it would do | For terrorists, Intense. States also seek to influence from within |
| Espionage | Hard, especially for terrorists; usually light cover | Cover now fleeting at best with biometrics, etc. |
| SIGINT | Going away? | Golden age over, reduced to metadata? |
| Form of intelligence product | “Answer” for puzzles; best estimate with excursions for mysteries | Perhaps “sensemaking” for complexities |
| Interaction with private “intelligence” | Limited, mostly regarded as competition | Possibly intense, people move, new possibilities for collaboration |


Transparency and “Big Data.” Indeed, these are two sides of the same coin. The same ubiquity of information that produces so much for intelligence agencies to assess also makes it impossible for their operatives to remain secret for long—and, alas, guarantees that there will be more leaks of methods if not more Edward Snowdens. Perhaps the vision of the future should be more akin to Silicon Valley where secrets are kept but not for long and where the premium is on collaboration even if today’s partner may be tomorrow’s competitor.

Biometrics and facial recognition will—indeed already have, whether or not we recognize the fact—dramatically changed espionage. The light cover for case officers provided by postings at embassies is a thing of the past, and the alternatives are not very attractive.[4]

  • Spending money to build elaborate identities, starting with the usual false names and biographies but extending to social media. The rub is that while social media can mislead, they may also unravel; as one officer trying to recruit through an on-line persona worried: what if my interlocutor suggests we Skype?
  • Using young people with little history to have to alter. This risks what I called in earlier work “conspicuous by absence”: if a young person suddenly disappears from Facebook, it all but advertises that he or she has become an intelligence officer.[5]
  • Bowing to the inevitable, and recognizing that false identities will be fleeting, and so any use of them must be for quick one-off operations.
  • Spying from friendly locations. This would mean trying to recruit Iranians or Chinese but from London or Paris, not Beijing.
  • Relying on liaison. This became a preferred mode in the fight against terrorism. Friends, or even non-friends who shared an interest in counterterrorism, often had access to places that western services did not.

On the flip-side, ubiquitous data will be a godsend for intelligence. To be sure, the analytic challenge is greater for intelligence than for private businesses, most of which want to predict where I will be tomorrow so they can besiege me with ads for things I like. At the National Intelligence Council (NIC), I started an experiment in the Africa account. Its premise was that while there isn’t a huge amount of intelligence information on Africa, there is a lot of data out there; the goal was an existence theorem: if the NIC, with a hundred analysts, could make use of data, any place in the Intelligence Community could. Not surprisingly, we found that social media and other available data was pretty good at predicting famine and disease. The next step was to cull “tips” from the data: where should analysts look, what connections should they probe that they hadn’t considered.

The NIC also inherited a nifty bit of crowd-sourcing that had been developed by IARPA, intelligence’s counterpart to DARPA, the Intelligence Advanced Research Projects Activity. There were two prediction markets, one classified and composed of intelligence professionals and the other unclassified. The open one was the creation of Philip Tetlock, and it had made two important discoveries. Just as some people are better athletes than others, so, too, some people are better predictors; his open market came to feature “super-predictors.”[6] Even better, a small amount of training improves prediction. Unsurprisingly, the burden of that training is helping people keep an open mind just a few seconds longer. I used the internal market as a kind of “red cell”: if the experts thought development x was y percent likely but the market was betting 2y, what was going on? I didn’t care about the numbers, it was the conversation that mattered. And I hoped to move the market from fairly short-run predictions, which could be settled soon, to longer, more strategic questions. For them, I hoped we might create way-stations on which to bet and, in the process, perhaps do better at constructing what intelligence calls “indicators.”

What Future for SIGINT? When I was in government in the mid-1990s, we used to joke, wanly, imagining a future director of the National Security Agency (NSA) starting a speech by saying: “I’m in the business of communications security. I used to be in the business of signals intelligence.” At that point in history, unbreakable encryption seemed likely to break SIGINT. (This was also the era of the ill-fated “Clipper Chip,” which made me forever skeptical of any “back doors,” however sensible-seeming.) Well, funny things—labelled cell phones and the web—came along, and SIGINT was again off to the races, in what a former U.S. deputy director of National Intelligence called the “golden age of SIGINT.”

Is that golden age ending? Apple was silly and looked unpatriotic in 2016 when it refused to comply with FBI requests to hack into a phone belonging to one of the San Bernardino terrorists, and the FBI found a third party to accomplish the hack. Yet in the near future encryption bodes to make it literally impossible for Apple to hack into one of its own cellphones. If encryption makes it increasingly impossible for SIGINT to decipher the content of messages, that will probably be a bigger problem for law enforcement than for intelligence because the latter can learn a lot from metadata. But it will be a big change in the tradecraft playbook.

New Competitors, New Colleagues. The other more recent change in tradecraft is the blurring of the line between private and government intelligence. Intelligence has always worried about the competition. A generation ago that was CNN: was intelligence always to be scooped by CNN? (I always thought that concern was misplaced: better to get it right than get it wrong, first.) Now, though, not only are private contractors critical to government intelligence (even the NIC was a third contractors), but people move much more frequently in and out of government intelligence. While the model still remains lifetime employment, the practice is more and more varied.

So, too, the list of sophisticated private organizations doing “intelligence” is a long one, from Eurasia Group through Bloomberg and Oxford Analytica to Stratfor. The possibilities for crowd sourcing are rich, as suggested by the prediction market, though the change in culture required of government intelligence organizations is also enormous. The cyber arena is also a striking example of the change. In the traditional process, if a major hack occurred, it would fall to the Intelligence Community to attribute it to the perpetrator, then policy would decide on a response, name and shame, seek indictments or whatever. Now, however, that tidy process is disrupted, for while intelligence is doing attribution, so are a host of private companies. And they will not be shy about identifying the perpetrator, never mind what the government might prefer. In the short run, this seems competition; in the long it can become creative collaboration.

The Changed Playbook of Influence Operations

The 2016 Russian interventions in the U.S. elections came as a surprise. They should not have, for there was warning but from an unfamiliar quarter. A group of outside analysts had been tracking the online dimensions of the jihadists and the Syrian civil war when they came upon interesting anomalies, as early as 2014. When experts criticized the Assad regime online, they were immediately attacked by armies of trolls on Facebook and Twitter. Unrolling the network of the trolls revealed they were a new version of “honeypots,” presenting themselves as attractive young women eager to discuss issues with Americans, especially those involved in national security. The analysts made the connection to Russia but found it impossible, that early, to get anyone in the American government to listen, given the crises competing for attention.[7] Yet the case drives home the argument for crowd-sourcing. And governments do not have to do much reaching; simply being open to listening may be enough.

Much of the playbook for what is now called hybrid threats is not new.[8] Propaganda, funding to friendly groups or parties in foreign countries, use of proxies and threats to energy supplies: the world is no stranger to these tools. What is new is summarized in Table 2. Other adversaries have and will use the hybrid playbook, but so far Russia has been the pre-eminent hybrid threatener, so this discussion focuses on it.

Table 2: The Changing Playbook of Influence Operations

| | Traditional | Now and Future |
|---|---|---|
| Goal | Influence specific actions in a foreign country | Discredit democratic processes and destabilize societies |
| Tools | Written and other propaganda, plus other familiar tools | New tools are social media-aided propaganda and cyber; not armies on battlefield but societies versus societies |
| Process | Propaganda campaigns around specific actions or opportunities | Continuous and simultaneous employment of variety of tools; play on divisions in foreign country |
| Secrecy | Great effort to hide hand | Often “open provocateur” or “useful idiots” |
| Price and form of propaganda | Expensive if planting an article in a foreign outlet | Cheap, use trolls to plant, bots to repeat, hoping to trend for mainstream media |
| Kind of fakery | Usually limited to plausible disinformation | “Fake news” and next fake pictures and videos |
| Cyber | None | Three forms: attack, espionage and manipulation. Attack: Estonia, 2007. Espionage: U.S. elections, results released strategically. Manipulation: change data perhaps with attacked unaware |
| “Privatization” of influence operations | Limited, mostly front companies or media outlets | Hackers and trolls for hire, on a very expanded scale |

The new tools in the influence operations playbook are social media-aided propaganda and cyber. Both are relatively cheap: planting an article in a foreign newspaper was not easy and sometimes was expensive; by contrast, all that is required now is for trolls to post on social media, and bots (probably automated) to spread the post in the hope of having it “trend” and thus be picked up by mainstream media. The relative cheapness will make these tools attractive to other countries and groups. And for social media, the next threat, already with us, will be not just “fake” words but fake pictures and videos, ones whose fakery will not be easy—or quick—to prove.

Both offer some possibility of what we called in an earlier era “plausible denial,” though one of the interesting questions is how much adversary influence operators will want to hide the actions. What is not new but striking is the extent to which the tools in the hybrid playbook are used simultaneously and strategically. Hybrid threats complete the blurring of combatants and non-combatants: the sides are not armies on a battlefield but societies (or groups).

So far, most of the cyber threats have been either destruction or espionage. The 2007 attack on Estonia was a harbinger of the former, the Russian intervention in the 2016 U.S. elections a poster child for the latter. Destructive attacks stretch the definition of hybrid threats since they achieve kinetic effects with non-kinetic means.

The other open question about the future of both intelligence and influence operations is the role of private actors. Certainly, there are “hackers for hire,” ditto trolls, and so a rich country like Saudi Arabia surely will “buy” cyber operations and social media-aided propaganda. In one recent case, the United Arab Emirates (UAE) hired former U.S. CIA and NSA officers to, first, break into iPhones around the world, and spy on people in Qatar, Yemen, Iran, and Turkey, according to press accounts. Then the UAE company, DarkMatter, arranged for a connection between an Israeli company, NSO Group, and Saudi Arabia to develop the Saudi hacking capacity.[9] Surely, the availability of “hired guns,” even from western intelligence services, is not new, but the scale, money to be made and technology to be adapted may make for a qualitative difference in the future playbook.

“If They Can Do It, So Can We”

This old line seems, if anything, less apt than ever, despite the changed playbook. I was dismayed at how often in the aftermath of 9/11 when I was speaking to audiences someone would come up to me afterward and argue, with passion, that to defeat the terrorists, we had to be just as nasty as they were. Indeed, inside government I worried that, in combatting the terrorists, we’d wake up one morning and discover that we were just as bad as they. The interagency process for “find, fix and finish” was careful, but I was more than happy not to be a participant. Hard enough to occasionally see the lists of terrorists that were now allowed to be killed.

The other set of ethical issues raised by the playbook of the fight against terrorism is now well known, if not yet settled. It has two related parts. One is how, given that the terrorist target requires assembling lots of information on our own citizens, does the government and its intelligence services assure that their privacy is not invaded in the process. The related part is how the social contract between intelligence and society is reshaped to account for that changed target. The old contract amounted to “we will keep you secure if you will permit us to do things abroad that would be unacceptable at home.” The new one requires society’s agreement to let intelligence do things at home that are unacceptable, provided they are done with as much transparency and due process as possible. That reshaping of the social contract is, to be sure, still a work in progress, more so in the United States than in, for example, Britain.

For the new playbook of influence operations, again the ethical and practical guidance seems the opposite of “if they can do it, so can we.” Against the new playbook of influence operations, the main things democracies have going for them are an educated population and free press. The last thing they should do is emulate Vladimir Putin and engage in disinformation. Anything that appears to degrade the free press is to play into adversaries’ hands. That is why the prospect that “truth” will be widely regarded as personal, or political or partisan is so dangerous. Mr. Trump’s “false facts” are the poster-child, but the question is how deep and abiding this trend will be.

Second, leaders in other Western nations should be open and outspoken about the nature of the challenge, as doing so has been shown to be highly effective in raising public awareness and decreasing potential targets’ susceptibility to information operations. Then, while chasing every false fact is impossible, recent episodes—like the Macron elections in France—illustrate the value of countering fake news as fast as possible.

For intelligence, there is no better guidance than to double down on trying to distinguish what is likely true from what is not. False facts, in principle, make real ones more valuable, and their identification more pressing. The question is: will anyone listen when all the wonderful technologies designed to connect people have divided them in “echo chambers” where they hear only what they want and learn only what they already knew?

[1] This is adapted from a presentation to an international conference, “Intelligence Ethics and Oversight,” hosted by the Centre for Asymmetric Threat Studies of the Swedish National Defense University, May 22–23, 2019.

[2] Treverton, Gregory F. “Covert Action and Open Society.” Foreign Affairs 65, no. 5 (1987): 995-1014. doi:10.2307/20043198.

[3] This draws on my “The Future of Intelligence,” September 20, 2017, available at https://www.smawins.com/news/the-future-of-intelligence/

[4] Edward Lucas, “The Spycraft Revolution,” Foreign Policy, April 27, 2019, available at https://foreignpolicy.com/2019/04/27/the-spycraft-revolution-espionage-technology/

[5] See New Tools for Collaboration: The Experience of the U.S. Intelligence Community, Center for Strategic and International Studies, January 2016, available at https://www.csis.org/analysis/new-tools-collaboration

[6] Philip E. Tetlock and Dan Gardner, Superforecasting: The Art and Science of Prediction, Crown Publishers, 2015.

[7] See Andrew Weisburd and Clint Watts, “Trolling for Trump: How Russia is Trying to Destroy Our Democracy,” November 2016, available at https://warontherocks.com/2016/11/trolling-for-trump-how-russia-is-trying-to-destroy-our-democracy/

[8] See my Addressing Hybrid Threats, (with Andrew Thvedt, Alicia Chen and others), Swedish Defence University Center for Asymmetric Threat Studies, April 2018, available at https://www.hybridcoe.fi/wp-content/uploads/2018/05/Treverton-AddressingHybridThreats.pdf

[9] As reported in “The UAE’s Covert Web of Spies, Hackers and Mercenary Death Squads,” TRTWorld, 5 February 2019, available at https://www.trtworld.com/magazine/the-uae-s-covert-web-of-spies-hackers-and-mercenary-death-squads-23805

Edited by Dick Eassom, CF APMP Fellow
Published on June 18, 2019, by SMA, Inc.